[Vserver] PPP inside VServer
Hi All, I have what is staring to seem like a fairly unusual requirement and this is busy giving me nightmares. I've built a Linux-VServer with two VE's; each of which I would like to give access via modems and PPP to dial the outside world. So far, so good. I've managed to access the individual modems just fine using a device uniquely exported int each VE as /dev/modem. Accessing these modems using "cu -l /dev/modem" works fine, but when I try and bring up a PPP link I get the following: [EMAIL PROTECTED]:/# /usr/sbin/pppd.org user root call FOOCHAT chat: Aug 22 12:07:35 CONNECT 180 Serial connection established. Using interface ppp0 Connect: ppp0 <--> /dev/modem Could not determine remote IP address: defaulting to 10.64.64.64 ioctl(SIOCSIFDSTADDR): Cannot assign requested address(99) Connection terminated. Connect time 0.1 minutes. Sent 126 bytes, received 150 bytes. [EMAIL PROTECTED]:/# Please tell me what I'm missing here... Regards, Eugéne -- Eugéne Roux -The sentence for attempted murder should be Cynical Romantic, \ be the same as the sentence for successful Romantic Philosopher, \ murder. Otherwise we're just rewarding Philosophising Cynic- incompetence. -- Scott Adams signature.asc Description: This is a digitally signed message part ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] PPP inside VServer
Hi All, I have what is staring to seem like a fairly unusual requirement and this is busy giving me nightmares. I've built a Linux-VServer with two VE's; each of which I would like to give access via modems and PPP to dial the outside world. So far, so good. I've managed to access the individual modems just fine using a device uniquely exported int each VE as /dev/modem. Accessing these modems using "cu -l /dev/modem" works fine, but when I try and bring up a PPP link I get the following: [EMAIL PROTECTED]:/# /usr/sbin/pppd.org user root call FOOCHAT chat: Aug 22 12:07:35 CONNECT 180 Serial connection established. Using interface ppp0 Connect: ppp0 <--> /dev/modem Could not determine remote IP address: defaulting to 10.64.64.64 ioctl(SIOCSIFDSTADDR): Cannot assign requested address(99) Connection terminated. Connect time 0.1 minutes. Sent 126 bytes, received 150 bytes. [EMAIL PROTECTED]:/# Please tell me what I'm missing here... Regards, Eugéne -- Eugéne Roux"Fairy tales do not tell children the dragons Cynical Romantic, exist. Children already know dragons Romantic Philosopher, exist. Fairy tales tell children the Philosophising Cynic dragons can be killed." G.K. Chesterton ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] PPP inside VServer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Eugene, I'm not sure, but that may be a priviledge problem - try if it works when adding the appropirate capabilities if you haven't done so yet (I think it should be CAP_NET_ADMIN). However adding that capability is a security issue as the guest is allowed to change too many network settings then. Hope that's a starting point, greetings from Regensburg, Germany Baltasar ((( Baltasar Cevc ) World wide web: * http://www.openairkino.net/ (a project for the local youth; German only) * http://technik.juz-kirchheim.de/ (programming and admin projects) * http://baltasar.cevc-topp.de/ (private homepage) ) Phone: +49 176 232 20 822 ) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) iD8DBQFE7cJpp2YsmzTbIwYRAmBEAKCV24UvCoylZgvLbPKU/T8qMJAz7ACgj20g u2/XESIwVtvs7oNXssJfkqI= =EDcL -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] listing of --bind mounts
It appears I'm clueless on this but I have RFTM or at least the man page for the mount command but still don't see a method. How do I get a listing of all the --bind (from /etc/vservers/$GUEST/fstab ) mounts from the host? All I'm seeing is the regular mounts; partitions, nfs, etc. TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] listing of --bind mounts
Roderick A. Anderson wrote: It appears I'm clueless on this but I have RFTM or at least the man page for the mount command but still don't see a method. How do I get a listing of all the --bind (from /etc/vservers/$GUEST/fstab ) mounts from the host? All I'm seeing is the regular mounts; partitions, nfs, etc. When you do what? I see the bind mounts just fine in /etc/mtab, as well as /proc/mounts. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] listing of --bind mounts
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: It appears I'm clueless on this but I have RFTM or at least the man page for the mount command but still don't see a method. How do I get a listing of all the --bind (from /etc/vservers/$GUEST/fstab ) mounts from the host? All I'm seeing is the regular mounts; partitions, nfs, etc. When you do what? I see the bind mounts just fine in /etc/mtab, as well as /proc/mounts. From the host mount doesn't show them but a vserver $GUEST exec mount does. It appears to be a context thingy. Anyway to run a command for all the 'active' contexts? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] listing of --bind mounts
* Roderick A. Anderson <[EMAIL PROTECTED]> [24.08.2006]: > It appears I'm clueless on this but I have RFTM or at least the man > page for the mount command but still don't see a method. > > How do I get a listing of all the --bind (from > /etc/vservers/$GUEST/fstab ) mounts from the host? > > All I'm seeing is the regular mounts; partitions, nfs, etc. if I got your point you should try "df -a" on the host. This gives you a list of all mount points, including soft mounts. Cheers, Steph. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] listing of --bind mounts
Stephan Mueller wrote: * Roderick A. Anderson <[EMAIL PROTECTED]> [24.08.2006]: It appears I'm clueless on this but I have RFTM or at least the man page for the mount command but still don't see a method. How do I get a listing of all the --bind (from /etc/vservers/$GUEST/fstab ) mounts from the host? All I'm seeing is the regular mounts; partitions, nfs, etc. if I got your point you should try "df -a" on the host. This gives you a list of all mount points, including soft mounts. Darn I was hoping it was this easy but no luck. I think it has to do with the 'soft mounts(?)' are in the context of the $GUEST. Thanks, Rod -- Cheers, Steph. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] PPP inside VServer
Hi Baltasar, On 24 Aug 2006, at 5:14 PM, Baltasar Cevc wrote: I'm not sure, but that may be a priviledge problem - try if it works when adding the appropirate capabilities if you haven't done so yet (I think it should be CAP_NET_ADMIN). However adding that capability is a security issue as the guest is allowed to change too many network settings then. I assumes so initially as well, but since I got little out of the system, I decided to throw CAPS at it in the hope that I could tighten up to the express limit it required once I got it working. I've given it SYS_ADMIN, SYS_TTY_CONFIG, NET_ADMIN and NET_RAW, but still no go. Hope that's a starting point, greetings from Regensburg, Germany Hey, I'll take any help I can get here... Cheerio, from a rather cold evening in Cape Town... Eugéne smime.p7s Description: S/MIME cryptographic signature PGP.sig Description: This is a digitally signed message part ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] new vserver network hanging
Been looking at this problem for 2 days now and can't figure it out -- hoping for some ideas as to what to look at. I just created a new Debian guest. Called it wwwint. My Debian distribution is on another machine called bermuda. I created the vserver by the following command: vserver wwwint build -m debootstrap --hostname wwwint --interface \ eth0:x.x.x.x -- -d sarge -m http://bermuda/debian -- --exclude=$REMOVE_PACKAGES The IP address I chose is unique to our internal net and $REMOVE_PACKAGES in this case did not evaluate to anythingg (I didn't set the variable in this particular build). bacapabilities file has CAP_NET_BIND_SERVICE in it. /etc/apt/sources.list is defined as: deb http://bermuda/debian/ stable main contrib non-free deb-src http://bermuda/debian/ stable main deb http://bermuda/security/ stable/updates main I have bermuda's IP defined in /etc/hosts so it finds it (or I don't and I just bermuda's IP address). What happens is that once I start wwwint, it sees all the network routes fine, as defined on the root server. It sees the default route and then any other networks/gateways we have. When I first do an apt-get update that works fine. Then I do "apt-get install locales" and that appears to work fine. I chose en_US IO-8859-1 and en_US.UTF-8 UTF-8. Then I try to do a base-config and suddenly my network hangs and I can't talk to bermuda anymore. If I try to do "netstat -r" it thinks about it for a few second and finally comes back. Any attempt of the rest of the Debian packages ends up stalling. If I try wget -d it attempts it and then I get a segmentation fault. None of my other vservers have this problem and neither does the root server. Any ideas as to how to troubleshoot this better than I'm obviously doing here? Thanks again for the help. Kathy ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] new vserver network hanging
On Thu, Aug 24, 2006 at 02:38:55PM -0700, Kathy Kost wrote: > > Been looking at this problem for 2 days now and can't figure it out -- > hoping for some ideas as to what to look at. > > I just created a new Debian guest. Called it wwwint. My Debian > distribution is on another machine called bermuda. I created the > vserver by the following command: > > vserver wwwint build -m debootstrap --hostname wwwint --interface \ > eth0:x.x.x.x -- -d sarge -m http://bermuda/debian -- > --exclude=$REMOVE_PACKAGES > > The IP address I chose is unique to our internal net and > $REMOVE_PACKAGES in this case did not evaluate to anythingg > (I didn't set the variable in this particular build). > > bacapabilities file has CAP_NET_BIND_SERVICE in it. is given by default, so should not be required > /etc/apt/sources.list is defined as: > > deb http://bermuda/debian/ stable main contrib non-free > deb-src http://bermuda/debian/ stable main > deb http://bermuda/security/ stable/updates main > > I have bermuda's IP defined in /etc/hosts so it finds it > (or I don't and I just bermuda's IP address). > > What happens is that once I start wwwint, it sees all the network > routes fine, as defined on the root server. It sees the default route > and then any other networks/gateways we have. sounds good ... > When I first do an apt-get update that works fine. Then I do "apt-get > install locales" and that appears to work fine. I chose en_US > IO-8859-1 and en_US.UTF-8 UTF-8. > Then I try to do a base-config and suddenly my network hangs and I > can't talk to bermuda anymore. sounds like base-config does mess with the networking, let's check the following here: - /proc/virtual//status (for caps) - ip addr ls (before and after the base-config) - ip route ls (again, before and after) (you might need to install the 'ip' utility from iproute2) > If I try to do "netstat -r" it thinks about it for a few > second and finally comes back. > Any attempt of the rest of the Debian packages ends up stalling. > If I try wget -d it attempts it and then I get a segmentation fault. that sounds like a wget bug, would not be the first one :) > None of my other vservers have this problem and neither does the root > server. > > Any ideas as to how to troubleshoot this better than I'm obviously > doing here? yep, try to provide the data mentioned above, and/or pay a visit to the irc channel (#vserver @ irc.oftc.net) for a more interactive experience :) HTH, Herbert > Thanks again for the help. > > Kathy > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] PPP inside VServer
On Thu, Aug 24, 2006 at 09:15:09PM +0200, Eugéne Roux wrote: > Hi Baltasar, > > On 24 Aug 2006, at 5:14 PM, Baltasar Cevc wrote: > > >I'm not sure, but that may be a priviledge problem - try if it works > >when adding the appropirate capabilities if you haven't done so yet > >(I think it should be CAP_NET_ADMIN). However adding that capability > >is a security issue as the guest is allowed to change too many > >network settings then. > > I assumes so initially as well, but since I got little out of the > system, I decided to throw CAPS at it in the hope that I could tighten > up to the express limit it required once I got it working. > > I've given it SYS_ADMIN, SYS_TTY_CONFIG, NET_ADMIN and NET_RAW, but > still no go. > > >Hope that's a starting point, greetings from Regensburg, Germany > > Hey, I'll take any help I can get here... > > Cheerio, from a rather cold evening in Cape Town... > Eugéne note to Baltasar Cevc: please don't remove stuff from email threads, just answer were appropriate (levaing the posting intact as quotation). TIA > Accessing these modems using "cu -l /dev/modem" works fine, but when I > try and bring up a PPP link I get the following: > [EMAIL PROTECTED]:/# /usr/sbin/pppd.org user root call FOOCHAT > chat: Aug 22 12:07:35 CONNECT 180 > Serial connection established. > Using interface ppp0 > Connect: ppp0 <--> /dev/modem > Could not determine remote IP address: defaulting to 10.64.64.64 > ioctl(SIOCSIFDSTADDR): Cannot assign requested address(99) > Connection terminated. > Connect time 0.1 minutes. > Sent 126 bytes, received 150 bytes. > [EMAIL PROTECTED]:/# could you run that through strace -fF please and narrow the syscalls down to the relevant ones around the ioctl(SIOCSIFDSTADDR)? TIA, Herbert > Please tell me what I'm missing here... > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] listing of --bind mounts
On Thu, Aug 24, 2006 at 10:55:28AM -0700, Roderick A. Anderson wrote: > Daniel Hokka Zakrisson wrote: > >Roderick A. Anderson wrote: > > > >>It appears I'm clueless on this but I have RFTM or at least the man > >>page for the mount command but still don't see a method. > >> > >>How do I get a listing of all the --bind (from > >>/etc/vservers/$GUEST/fstab ) mounts from the host? > >> > >>All I'm seeing is the regular mounts; partitions, nfs, etc. > > > > > >When you do what? I see the bind mounts just fine in /etc/mtab, as well > >as /proc/mounts. > > From the host > mount > doesn't show them but a > vserver $GUEST exec mount > does. > > It appears to be a context thingy. it actually is a 'namespace' thingy, so what you want to do is enter _all_ namespaces and list their view of the virtual filesystem layer ... unfortunately mainline does not provide a simple way to do so, but fortunately you can get away most of the time by using vnamespace ... > Anyway to run a command for all the 'active' contexts? a generic context loop in bash looks like this: for n in `cd /proc/virtual && ls -d [1-9]*`; do echo $n; done to enter a namespace use something like this: vnamespace -e -- [ ...] HTH, Herbert > Rod > -- > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] new vserver network hanging
Well, figures after I make a cry for help, I got it to start behaving. AFter probably the 10th reinstall of the guest, I started getting suspicious of the name I was using. This may have no bearing on what the real problem was but I was calling this guest wwwint and I already have a guest named www. Two days ago when I started this whole thing, I decided to call the new guest www2. Well, the system built it okay, but then it confused www with www2. Had all kinds of problems with that. I assumed it didn't like a numeric in the name. So decided wwwint. This go around, I deleted the guest again, and changed the name to intwww. Rebooted the entire machine. Now it's happy. Netstat doesn't hang any more and the base-config completed okay. So this is making me think that there was some resident confusion with the guest names both starting with "www". Seems odd to me, but it sure fixed my problem...! Kathy > > sounds like base-config does mess with the networking, > let's check the following here: > > - /proc/virtual//status (for caps) > - ip addr ls (before and after the base-config) > - ip route ls (again, before and after) > > (you might need to install the 'ip' utility from iproute2) > > > that sounds like a wget bug, would not be the first one :) > > > None of my other vservers have this problem and neither does the root > > server. > > > > Any ideas as to how to troubleshoot this better than I'm obviously > > doing here? > > yep, try to provide the data mentioned above, and/or pay > a visit to the irc channel (#vserver @ irc.oftc.net) for > a more interactive experience :) > > HTH, > Herbert > > > Thanks again for the help. > > > > Kathy > > > > ___ > > Vserver mailing list > > Vserver@list.linux-vserver.org > > http://list.linux-vserver.org/mailman/listinfo/vserver > > ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
